Just drop you a quick line a new hotfix for Configuration Manager 2012 R2 is released which improves the process of getting policies applied to mobile devices. When a user becomes a cloud-managed user (CloudUserID), a settings policy may not target the assignment for the user this due to different user(s) with same clouduserID. This behavior was introduced by CU2 and CU3.

This problem affects only environments that use the Intune Connector together with Configuration Manager 2012 R2.

This problem occurs only when Cumulative Update 2 or Cumulative Update 3 for Configuration Manager is installed.

UPDATE! Hereby a quick note that you no longer have to contact support, it’s available in the in the December Windows Update. Just install the latest Windows Update on your Windows Server 2012 R2 and you should be good to go. December 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 http://support.microsoft.com/kb/3013769

UPDATE! A private hofix (for now) is available that fixes URL length issues with Windows Application Proxy (applicable for NDES deployments) KB523052. This hotfix can be requested through a PSS case. For more details click here.

For those who are using Web Application Proxy (WAP) and intent or already have been published Network Device Enrolment Service (NDES) might noticed this isn’t working, even when pass-through preauthentication is configured. This post will go into details how NDES is working including a brief explanation of the issue.

The Network Device Enrollment Service (NDES) allows mobile devices running without domain credentials to obtain certificates based on the Simple Certificate Enrollment Protocol (SCEP). The user certificates can be used for managing company resource access (E-mail, WiFi- and VPN profiles) instead of using user name + password. This existing technique is recently emphatically re-evaluated by the use and application for mobile device management in relation to BYOD scenarios.

Most of you are problably aware of Microsoft (Windows) Intune extensions and using them briefly without any issue(s). New extensions becomes automatically available through the Microsoft Intune connector and new updates are merged or installed to introduce new features taking benefits of the Microsoft Intune cloud services platform.

So far so good…but if you’ve bad luck extensions comes partly down or becomes not available at all to your Configuration Manager instance! Unfortunately there is no way to force a trigger of the tenant discovery process and thus the installation of Microsoft Intune extensions. In normal circumstances it will take up to 24 hours after registering your Intune subscription untill the Intune extensions comes down to your Configuration Manager instance. This pitty if you would speed up the process of installing new deployments or you’re in a disaster recovery scenario. Hereby some guidelines for troubleshooting Microsoft Intune extensions, logs locations(s), Certificate Thumbprint ID, SQL query and validating the connectivity with Microsoft Intune.

As you probably know a prerequisite for implementing Active Directory Federation Services (AD FS) based on Windows Server 2012 R2 is to have at least a Windows Server 2012 R2 domain controller available in your infrastructure.

In a nut shell: Windows Intune Extensions are new features which will be delivered by your Windows Intune Cloud Services (Windows Intune Connector) into your Configuration Manager site.

proces of installing Windows Intune Extensions

What are Windows Intune Extentions?

With extensions you are able to introduce new capabilities through Windows Intune are available from within the Configuration Manager console. Configuration Manager administrators can enable individual extensions to gain access to these new capabilities without waiting for the next service pack or major product release to introduce that functionality. Continue reading “A closer look at Windows Intune Extensions…what’s in it for me?”→

As Microsoft announced on September 23rd updating their Windows Intune cloud service which will be available October 18th I thought it might be interesting having a closer look what is going-on after installing the Windows Intune client agents software.

In this post I will cover the following points of Windows Intune. Enjoy

As you might know Microsoft has started upgrading the Windows Intune cloud service to the next version, Wave E which will be (GA) available on October 18th together with System Center R2.

With the arrival of these new product versions Microsoft introduces a lot of new features and settings related to Unified Device Management #UDM (formerly known as Mobile Device Management #MDM). Some new features are:

Extended Windows Intune connector

Native Self-Service Portal App for Windows iOS & Andriod platform

Support for Work Folders

Resource Access

Selective Wipe

Ronni Pedersen provides in a blog post a complete overview of all new features comming with R2 and wave E.